FROM node:20.18.2 as Builder

RUN mkdir -p /home/openubmc/docs
WORKDIR /home/openubmc/docs
COPY . /home/openubmc/docs

ARG ENV_FLAG
ENV MY_ENV_VARIABLE ${ENV_FLAG}

RUN npm install pnpm -g
RUN pnpm install

RUN if [ "$MY_ENV_VARIABLE" != "test" ]; then \
      echo "in prod build"; \
      pnpm docs:build; \
    else \
      echo "in test build"; \
      pnpm docs:build:dev; \
    fi

FROM swr.cn-north-4.myhuaweicloud.com/opensourceway/openeuler/nginx:latest as NginxBuilder

FROM swr.cn-north-4.myhuaweicloud.com/opensourceway/openeuler/base:latest

ENV NGINX_CONFIG_FILE /etc/nginx/nginx.conf
ENV NGINX_CONFIG_PATH /etc/nginx/
ENV NGINX_PID /var/run/nginx.pid
ENV NGINX_USER nginx
ENV NGINX_GROUP nginx
ENV NGINX_BIN /usr/share/nginx/sbin/
ENV NGINX_HOME /usr/share/nginx/
ENV NGINX_EXE_FILE /usr/share/nginx/sbin/nginx
ENV DST_PATH /etc/nginx/cert

COPY --from=NginxBuilder /usr/share/nginx /usr/share/nginx
COPY --from=NginxBuilder /usr/share/nginx/sbin/nginx /usr/share/nginx/sbin/nginx
COPY --from=NginxBuilder /etc/nginx/modules /etc/nginx/modules
COPY --from=NginxBuilder /etc/nginx/geoip  /etc/nginx/geoip
COPY --from=NginxBuilder /etc/nginx/mime.types  /etc/nginx/mime.types

COPY --from=Builder /home/openubmc/docs/.vitepress/dist /usr/share/nginx/www/

RUN sed -i "s|repo.openeuler.org|mirrors.tuna.tsinghua.edu.cn/openeuler|g" /etc/yum.repos.d/openEuler.repo \
    && sed -i '/metalink/d' /etc/yum.repos.d/openEuler.repo \
    && sed -i '/metadata_expire/d' /etc/yum.repos.d/openEuler.repo \
    && yum update -y \
    && yum install -y findutils passwd shadow pcre-devel \
    && yum install -y gettext \
    && find /usr/share/nginx/www -type d -print0| xargs -0 chmod 500 \
    && find /usr/share/nginx/www -type f -print0| xargs -0 chmod 400 \
    && yum clean all

COPY ./deploy/nginx/nginx.conf /etc/nginx/nginx.conf.template

RUN touch /var/run/nginx.pid \
    && sed -i "s|PASS_MAX_DAYS[ \t]*99999|PASS_MAX_DAYS 30|" /etc/login.defs \
    && groupadd -g 1000 nginx \
    && useradd -u 1000 -g nginx -s /sbin/nologin nginx \
    && sed -i '/^PATH="\$HOME\/\.local\/bin:\$HOME\/bin:\$PATH"/d; /^export PATH/d' /home/nginx/.bashrc \
    && chmod 750 /usr \
    && chmod 550 /usr/share \
    && chown -R nginx:nginx /usr/share/nginx \
    && find /usr/share/nginx -type d -print0 | xargs -0 chmod 500 \
    && chmod 500 /usr/share/nginx/sbin/nginx \
    && mkdir -p /var/log/nginx \
    && mkdir -p /etc/nginx/cert \
    && chown -R nginx:nginx /etc/nginx/cert \
    && chmod -R 700 /etc/nginx/cert \
    && touch /var/log/nginx/error.log \
    && touch /var/log/nginx/access.log \
    && chown -R nginx:nginx /var/log/nginx \
    && chmod -R 750 /var/log/nginx \
    && chmod 640 /var/log/nginx/error.log \
    && chmod 640 /var/log/nginx/access.log \
    && chmod 640 /var/log/dnf.librepo.log \
    && chmod 640 /var/log/dnf.log \
    && chmod 640 /var/log/dnf.rpm.log \
    && chmod 640 /var/log/hawkey.log \
    && chmod 640 /var/log/*.log \
    && mkdir -p /var/lib/nginx/tmp/client_body \
    && chown -R nginx:nginx /var/lib/nginx/tmp/client_body \
    && mkdir -p /var/lib/nginx/tmp/fastcgi \
    && chown -R nginx:nginx /var/lib/nginx/tmp/fastcgi \
    && mkdir -p /var/lib/nginx/tmp/proxy \
    && chown -R nginx:nginx /var/lib/nginx/tmp/proxy \
    && mkdir -p /var/lib/nginx/tmp/scgi \
    && chown -R nginx:nginx /var/lib/nginx/tmp/scgi \
    && mkdir -p /var/lib/nginx/tmp/uwsgi \
    && chown -R nginx:nginx /var/lib/nginx/tmp/uwsgi \
    && chmod -R 500 /var/lib/nginx/ \
    && chown -R nginx:nginx /var/lib/nginx/ \
    && chown -R nginx:nginx /var/run/nginx.pid \
    && chmod 640 /var/run/nginx.pid \
    && chown -R nginx:nginx /etc/nginx \
    && chmod 550 /etc/nginx \
    && chmod 550 /etc/nginx/geoip/ \
    && chmod 440 /etc/nginx/geoip/* \
    && chmod 550 /etc/nginx/modules \
    && chmod 440 /etc/nginx/modules/* \
    && touch /etc/nginx/nginx.conf \
    && chown nginx:nginx /etc/nginx/nginx.conf \
    && chmod 640 /etc/nginx/nginx.conf \
    && chmod 640 /etc/nginx/nginx.conf.template \
    && chmod 440 /etc/nginx/mime.types \
    && chmod 700 /var/lib/nginx/tmp/client_body \
    && chmod -R 500 /home/nginx/. \
    && lsd() { \
      local v="$1"; \
        ls -ld "$v"; \
        while :; do \
          v="${v%/*}"; \
          [[ "$v" && ! -f "$v" ]] || break; \
          chown root:root "$v"; \
        done; \
      }; lsd "$NGINX_HOME" \
    && lsd() { \
      local v="$1"; \
        ls -ld $v; \
        while :; do \
        v="${v%/*}"; \
        [[ "$v"  && ! -f "$v" ]] || break; \
        chmod 550 "$v"; \
        done; \
      }; lsd $NGINX_HOME \
    && lsd() { \
      local v="$1"; \
        ls -ld $v; \
        while :; do \
        v="${v%/*}"; \
        [[ "$v"  && ! -f "$v" ]] || break; \
        chown $NGINX_USER:$NGINX_GROUP "$v"; \
        done; \
      }; lsd $NGINX_HOME \
    && rm -rf /usr/share/nginx/html/ \
    && rm -rf /usr/share/nginx/logs/ \
    && echo "umask 0027" >> /etc/bashrc \
    && echo "set +o history" >> /etc/bashrc \
    && sed -i "s|HISTSIZE=1000|HISTSIZE=0|" /etc/profile \
    && chage --maxdays 30 nginx \
    && passwd -l $NGINX_USER \
    && yum clean all \
    && usermod -s /sbin/nologin sync \
    && usermod -s /sbin/nologin shutdown \
    && usermod -s /sbin/nologin halt \
    && echo "export TMOUT=1800 readonly TMOUT" >> /etc/profile \
    && rm -rf /usr/bin/gdb* \
    && rm -rf /usr/share/gdb \
    && rm -rf /usr/share/gcc* \
    && rm -rf /usr/lib64/python3.11/bdb.py \
    && rm -rf /usr/lib64/python3.11/pdb.py \
    && rm -rf /usr/lib64/python3.11/timeit.py \
    && rm -rf /usr/lib64/python3.11/trace.py \
    && rm -rf /usr/lib64/python3.11/tracemalloc.py \
    && rm -rf /usr/share/licenses/glibc \
    && rm -rf /usr/share/locale/ar \
    && rm -rf /usr/share/locale/cpp \
    && rm -rf /usr/share/licenses/glib2/COPYING \
    && rm -rf /usr/share/man/man1/ex.1.gz \
    && rm -rf /usr/share/man/man1/rview.1.gz \
    && rm -rf /usr/share/man/man1/view.1.gz \
    && rm -rf /usr/bin/nc \
    && rm -rf /usr/bin/ncat \
    && yum remove gdb-gdbserver findutils passwd mirror cpp gcc -y

COPY ./deploy/monitor.sh ./deploy/entrypoint.sh /etc/nginx/
RUN chmod 500 /etc/nginx/monitor.sh \
    && chmod 500 /etc/nginx/entrypoint.sh \
    && chown nginx:nginx /etc/nginx/monitor.sh \
    && chown nginx:nginx /etc/nginx/entrypoint.sh \
    && yum clean all

EXPOSE 8080

USER nginx

ENTRYPOINT ["/etc/nginx/entrypoint.sh"]

